CVE-2020-7528Deserialization of Untrusted Data in Scadapack 7X Remote Connect

CWE-502Deserialization of Untrusted Data3 documents3 sources
Severity
7.8HIGHNVD
EPSS
0.4%
top 38.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Schneider-electric Scadapack 7X Remote Connect
Timeline
PublishedSep 16
Latest updateMay 24

Description

A CWE-502 Deserialization of Untrusted Data vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which could allow arbitrary code execution when an attacker builds a custom .PRJ file containing a malicious serialized buffer.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-hqx3-2rj3-qx6v: A CWE-502 Deserialization of Untrusted Data vulnerability exists in SCADAPack 7x Remote Connect (V32022-05-24
CVEList
CVE-2020-7528: A CWE-502 Deserialization of Untrusted Data vulnerability exists in SCADAPack 7x Remote Connect (V32020-09-16
CVE-2020-7528 — Deserialization of Untrusted Data | cvebase